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Response to Arguments 

1 . Applicant's arguments filed on 02/02/2009 have been fully considered but they 

are not persuasive for the following reasons: 

Applicant argues that Gai does not disclose "wherein the object is captured and 
the captured object is a plurality of packets that are broken down by a capture system 
and then reassembled". However, Gai discloses (on column 8 lines 31-52) software 
entities executing on the various end stations and servers typically communicate with 
each other by exchanging discrete packets or frames of data according to 
predefined protocols, such as the Transmission Control Protocol/Internet Protocol 
(TCP/IP), the Internet Packet Exchange (IPX) protocol, the AppleTalk protocol, the 
DECNet protocol or NetBIOS Extended User Interface (NetBEUI). In this context, a 
protocol consists of a set of rules defining how the entities interact with each other. 
Data transmission over the network consists of generating data in a sending process 
executing on a first end station, passing that data down through the layers of a protocol 
stack where the data are sequentially formatted for delivery over the links as bits. 
Those frame bits are then received at the destination station where they are re- 
assembled and passed up the protocol stack to a receiving process. Each layer 
of the protocol stack typically adds information (in the form of a header) to the data 
generated by the upper layer as the data descends the stack. At the destination 
station, these headers are stripped off one-by-one as the frame propagates up the 
layers of the stack until it arrives at the receiving process. 
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Examiner respectfully disagrees with all other allegations as argued as will be 
discussed in detail below. Examiner, in her previous office action gave detail 
explanation of claimed limitation and pointed out exact locations in the cited prior art. 

Examiner is entitled to give claim limitations their broadest reasonable 
interpretation in light of the specification. See MPEP 21 1 1 [R-1] 

Interpretation of Claims-Broadest Reasonable Interpretation 

During patent examination, the pending claims must be 'given the 
broadest reasonable interpretation consistent with the specification'. 

Applicant always has the opportunity to amend the claims during prosecussion 
and broad interpretation by the examiner reduces the possibility that the claim, once 
issued, will be interpreted more broadly than is justified. In re Prater, 162 USPW 
541,550-51 (CCPA1969). 



Claim Rejections - 35 USC §102 

2. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 1 02 that 
form the basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(e) the invention was described in (1) an application for patent, published under section 122(b), 
by another filed in the United States before the invention by the applicant for patent or (2) a 
patent granted on an application for patent by another filed in the United States before the 
invention by the applicant for patent, except that an international application filed under the treaty 
defined in section 351(a) shall have the effects for purposes of this subsection of an application 
filed in the United States only if the international application designated the United States and 
was published under Article 21(2) of such treaty in the English language. 

3. Claims 1-9, 26 are rejected under 35 U.S.C. 102(e) as being anticipated by U.S. 



7,185,073 B1 issued to Gai et al. ("Gai"). 
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As per claim 1 , Gai teaches "a computer readable medium having stored thereon 
data representing instructions that, when executed by a processor, cause the processor 
to perform operations comprising": 

generating a tag describing an object captured during transmission from an origination 
address to a destination address, wherein the object is captured and the captured 
object is a plurality of packets that are broken down by a capture system and the 
reassembled, and wherein the tag includes, (column 8 lines 31-52) 
"a source address field to indicate an origination address of the object," (column 1 lines 
17-66, column 2 lines 1-66, column 3 lines 1-10, column 3 lines 12-34, column 3 lines 
51-66, column 4 lines 1-16, column 8 lines 31-66, column 9 lines 1-4, column 15 lines 
11-66, column 16 lines 1-5), 

"a destination address field to indicate a destination address of the object," (column 1 
lines 17-66, column 2 lines 1-66, column 3 lines 1-10, column 3 lines 12-34, column 3 
lines 51-66, column 4 lines 1-16, column 8 lines 31-66, column 9 lines 1-4, column 15 
lines 11-66, column 16 lines 1-5), 

"a source port field to indicate an origination port of the object," (column 1 lines 17-66, 
column 2 lines 1-66, column 3 lines 1-10, column 3 lines 12-34, column 3 lines 51-66, 
column 4 lines 1-16, column 8 lines 31-66, column 9 lines 1-4, column 15 lines 11-66, 
column 16 lines 1-5), 

"a destination port field to indicate a destination port of the object," (column 1 lines 17- 
66, column 2 lines 1-66, column 3 lines 1-10, column 3 lines 51-66, column 4 lines 1-16, 
column 8 lines 31-66, column 9 lines 1-4, column 15 lines 1 1-66, column 16 lines 1-5), 
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"a content field to indicate a content type from a plurality of content types identifying a 
type of content contained in the object," (column 1 1 lines 48-66, Fig. 7B, Fig. 6), and 
"a time field to indicate when the object was captured," (column 14 lines 30-46); and 
"storing the tag in a database, wherein the tag indexes a captured object in storage," 
(Figures 7A, 7B). 

As per claim 2, Gai further shows "the plurality of content types," comprises: 
"JPEG, GIF, BMP, TIFF, PNG, Skintone, PDF, MSWord, Excel, PowerPoint, MSOffice, 
HTML, WebMail, SMTP, Telnet, Rlogin, FTP, Chat, GZIP, ZIP, TAR, C++ Source, C 
Source, FORTRAN Source, Verilog Source, C Shell, K Shell, Bash Shell, Plaintext, 
Crypto, LIF, Binary Unknown, ASCII Unknown, and Unknown," (column 11 lines 48-66, 
Fig.7B, Fig. 6). 

As per claim 3, Gai further shows "generating a device identity field to indicate a 
device that captured the object," (column 12 lines 46-66, column 13 lines 1-6). 

As per claim 4, Gai further shows "generating a protocol field to indicate the 
protocol that carried the object," (column 12 lines 46-66, column 13 lines 1-6, Fig. 7B). 

As per claim 5, Gai further shows "an instance field to indicate a 
number of the object in a connection," (column 14 lines 30-62). 

As per claim 6, Gai further shows "generating an encoding field to indicate a how 
the object was encoded," (column 19 lines 1-14, column 19 lines 26-37). 

As per claim 7, Gai further shows "generating a size field to indicate the size of 
the object," (column 8 lines 40-52). 
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As per claim 8, Gai further shows "generating an owner field to indicate an 
entity that requested capture of the object," (column 12 lines 10-23, column 18 lines 37- 
66). 

As per claim 9, Gai further shows "generating a capture rule field to indicate a 
rule that triggered capture of the object," (column 19 lines 1-37). 

As per claim 26, Gai teaches "a method to index a captured object, comprising": 
generating for storage of objects captured during transmission from an origination 
address to a destination address: 

"a source address field to indicate an origination address of the object," (column 1 lines 
17-66, column 2 lines 1-66, column 3 lines 1-10, column 3 lines 12-34, column 3 lines 
51-66, column 4 lines 1-16, column 8 lines 31-66, column 9 lines 1-4, column 15 lines 
11-66, column 16 lines 1-5); 

"a destination address field to indicate a destination address of the object," (column 1 
lines 17-66, column 2 lines 1-66, column 3 lines 1-10, column 3 lines 12-34, column 3 
lines 51-66, column 4 lines 1-16, column 8 lines 31-66, column 9 lines 1-4, column 15 
lines 11-66, column 16 lines 1-5); 

"a source port field to indicate an origination port of the object; a destination port field to 
indicate a destination port of the object," (column 1 lines 17-66, column 2 lines 1-66, 
column 3 lines 1-10, column 3 lines 12-34, column 3 lines 51-66, column 4 lines 1-16, 
column 8 lines 31-66, column 9 lines 1-4, column 15 lines 1 1-66, column 16 lines 1-5); 
"a content field to indicate a content type from a plurality of content types identifying a 
type of content contained in the object, wherein the object is captured and the captured 
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object is a plurality of packets that are broken down by a capture system and then 
reassembled" (column 8 lines 31-52, column 11 lines 48-66, Fig. 7B, Fig. 6); and 
"a time field to indicate when the object was captured," (column 14 lines 30-46); and 
"storing data in the fields to create a tag, the tag indexing a captured object in storage," 
(Figures 7A, 7B). 

Claim Rejections - 35 USC §103 

4. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as 
set forth in section 102 of this title, if the differences between the subject matter sought to be 
patented and the prior art are such that the subject matter as a whole would have been obvious 
at the time the invention was made to a person having ordinary skill in the art to which said 
subject matter pertains. Patentability shall not be negatived by the manner in which the invention 
was made. 

5. Claims 10-17, 27 are rejected under 35 U.S.C. 103(a) as being unpatentable 
over U.S. 7,185,073 B1 issued to Gai et al. ("Gai") and in view of "Cryptographic Hash 
Functions" issued to Bart Preneel ("Preneel"). 

Gai teaches the data structure of claim 10, set forth in the rejection of claim 1 
above but does not explicitly teach: "generating a signature field to store a signature of 
the object". However, Preneel teaches a similar data structure of hash function (pages 
2-5 sections 2-2.3). Thus, it would have been obvious to one of ordinary skill in the art 
at the time of the invention was made to provide the data structure of Gai with the 
teaching of Preneel by using the hash function to solve the security problems in 
telecommunication and computer networks. 
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As per claim 1 1 , Preneel and Gai teach the data structure of claim 10 discussed 
above. Preneel also teaches: "the signature comprises a digital cryptographic 
signature," (pages 2-5 sections 2-2.3). 

Gai teaches the data structure of claim 12, set forth in the rejection of claim 1 
above but does not explicitly teach: "generating a tag signature field to store a signature 
of the data structure". However, Preneel teaches a similar data structure of hash 
function (pages 2-5 sections 2-2.3). Thus, it would have been obvious to one of 
ordinary skill in the art at the time of the invention was made to provide the data 
structure of Gai with the teaching of Preneel by using the hash function to solve the 
security problems in telecommunication and computer networks. 

As per claim 13, Preneel and Gai teach the data structure of claim 12 discussed 
above. Preneel also teaches: "the tag signature comprises a digital cryptographic 
signature," (pages 2-5 sections 2-2.3). 

As per claim 14, Gai does not explicitly teach: "a computer readable medium 
having stored thereon data representing instructions that, when executed by a 
processor, cause the processor to perform operations comprising": 
storing data associated with capture of an object by a capture system to create a tag 
that indexes the captured object in storage, wherein the object is captured and the 
captured object is a plurality of packets that are broken down by the capture system and 
then reassembled the data comprising: 

"an Ethernet controller MAC address of the capture system that captured the object," 
(column 1 lines 17-66, column 2 lines 1-66, column 3 lines 1-10, column 8 lines 53-66, 
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column 9 lines 1-4, column 8 lines 31-66, column 9 lines 1-4); 

"a source Ethernet IP address of the object," (column 1 lines 17-66, column 2 lines 1-66, 
column 3 lines 1-10, column 3 lines 12-34, column 3 lines 51-66, column 4 lines 1-16, 
column 8 lines 31-66, column 9 lines 1-4, column 15 lines 1 1-66, column 16 lines 1-5); 
"a destination Ethernet IP address of the object," (column 1 lines 17-66, column 2 lines 
1-66, column 3 lines 1-10, column 3 lines 12-34, column 3 lines 51-66, column 4 lines 1- 
16, column 8 lines 31-66, column 9 lines 1-4, column 15 lines 1 1-66, column 16 lines 1- 
5); 

"a source TCP/IP port number of the object," (column 1 lines 17-66, column 2 lines 1- 
66, column 3 lines 1-10, column 3 lines 12-34, column 3 lines 51-66, column 4 lines 1- 
16, column 8 lines 31-66, column 9 lines 1-4, column 15 lines 1 1-66, column 16 lines 1- 
5); 

"a destination TCP/IP port number of the object," (column 1 lines 17-66, column 2 lines 

1-66, column 3 lines 1-10, column 3 lines 51-66, column 4 lines 1-16, column 8 lines 31- 

66, column 9 lines 1-4, column 15 lines 11-66, column 16 lines 1-5); 

"an IP protocol that carried the object when captured by the capture 

system," (column 1 lines 17-66, column 2 lines 1-66, column 3 lines 1-10, column 3 

lines 12-34, column 3 lines 51-66, column 4 lines 1-16, column 8 lines 31-66, column 9 

lines 1 -4, column 1 5 lines 1 1 -66, column 1 6 lines 1 -5); 

"a canonical count of a number of the object within a TCP/IP connection," (column 2 
lines 15-27); 

"a content type of the object," (column 11 lines 48-66, Fig. 7B, Fig. 6); 
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"an encoding that was used on the object," (column 19 lines 1-14, column 19 lines 26- 
37); 

"a size of the object," (column 8 lines 40-52); 

"a timestamp indicating when the capture system captured the object," (column 14 lines 
30-46); 

"a user who requested capture of the object," (column 12 lines 10-23, column 18 lines 
37-66); 

"a capture rule that directed capture of the object," (column 19 lines 1-37); 
"a hash signature of the object," (pages 2-5 sections 2-2.3); 
and a hash signature of the tag," (pages 2-5 sections 2-2.3). 

However, Preneel teaches hash function of the object and hash function of the 
tag (pages 2-5 sections 2-2.3). Thus, it would have been obvious to one of ordinary skill 
in the art at the time of the invention was made to provide the data structure of Gai with 
the teaching of Preneel by using the hash function to solve the security problems in 
telecommunication and computer networks. 

As per claim 15, Preneel and Gai teach the data structure of claim 14 discussed 
above. Preneel also teaches: "the hash signature of the object comprises a digital 
cryptographic signature of the object," (pages 2-5 sections 2-2.3). 

As per claim 16, Preneel and Gai teach the data structure of claim 14 discussed 
above. Preneel also teaches: "the hash signature of the tag comprises a digital 
cryptographic signature of the tag," (pages 2-5 sections 2-2.3). 
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As per claim 1 7, Gai teaches: "the content type of the object is one of JPEG, GIF, 
BMP, TIFF, PNG, Skintone, PDF, MSWord, Excel, PowerPoint, MSOffice, HTML, 
WebMail, SMTP, Telnet, Rlogin, FTP, Chat, GZIP, ZIP, TAR, C++ Source, C Source, 
FORTRAN Source, Verilog Source, C Shell, K Shell, Bash Shell, Plaintext, Crypto, LIF, 
Binary Unknown, ASCII Unknown, and Unknown," (column 11 lines 48-66, Fig. 7B, Fig. 
6). 

As per claim 27, Gai does not explicitly teach "a method to index a captured 
object, comprising": 

storing data associated with capture of an object by a capture system to create a tag 
indexing the captured object in storage, wherein the object is captured and the captured 
object is a plurality of packets that are broken down by the capture system and then 
reassembled, the data comprising: 

"an Ethernet controller MAC address of the capture system that captured the object," 
(column 1 lines 17-66, column 2 lines 1-66, column 3 lines 1-10, column 8 lines 53-66, 
column 9 lines 1-4, column 8 lines 31-66, column 9 lines 1-4); 

"a source Ethernet IP address of the object," (column 1 lines 17-66, column 2 lines 1-66, 
column 3 lines 1-10, column 3 lines 12-34, column 3 lines 51-66, column 4 lines 1-16, 
column 8 lines 31-66, column 9 lines 1-4, column 15 lines 1 1-66, column 16 lines 1-5); 
"a destination Ethernet IP address of the object," (column 1 lines 17-66, column 2 lines 
1-66, column 3 lines 1-10, column 3 lines 12-34, column 3 lines 51-66, column 4 lines 1- 
1 6, column 8 lines 31 -66, column 9 lines 1 -4, column 1 5 lines 1 1 -66, column 1 6 lines 1 - 
5); 
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"a source TCP/IP port number of the object," (column 1 lines 17-66, column 2 lines 1- 
66, column 3 lines 1-10, column 3 lines 12-34, column 3 lines 51-66, column 4 lines 1- 
1 6, column 8 lines 31 -66, column 9 lines 1 -4, column 1 5 lines 1 1 -66, column 1 6 lines 1 - 
5); 

"a destination TCP/IP port number of the object," (column 1 lines 17-66, column 2 lines 

1-66, column 3 lines 1-10, column 3 lines 51-66, column 4 lines 1-16, column 8 lines 31- 

66, column 9 lines 1-4, column 15 lines 11-66, column 16 lines 1-5); 

"an IP protocol that carried the object when captured by the capture 

system," (column 1 lines 17-66, column 2 lines 1-66, column 3 lines 1-10, column 3 

lines 12-34, column 3 lines 51-66, column 4 lines 1-16, column 8 lines 31-66, column 9 

lines 1 -4, column 1 5 lines 1 1 -66, column 1 6 lines 1 -5); 

"a canonical count of a number of the object within a TCP/IP 

connection," (column 2 lines 15-27); 

"a content type of the object," (column 1 1 lines 48-66, Fig. 7B, Fig. 6); 

"an encoding that was used on the object," (column 19 lines 1-14, column 19 lines 26- 

37); 

"a size of the object," (column 8 lines 40-52); 

"a timestamp indicating when the capture system captured the 

object," (column 14 lines 30-46); 

"a user who requested capture of the object," (column 12 lines 10-23, column 18 lines 
37-66); 

"a capture rule that directed capture of the object," (column 19 lines 1-37); 
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"a hash signature of the object," (pages 2-5 sections 2-2.3); 
"a hash signature of the object," (pages 2-5 sections 2-2.3); and 
"a hash signature of the tag," (pages 2-5 sections 2-2.3). 

However, Preneel teaches hash function of the object and hash function of the 
tag (pages 2-5 sections 2-2.3). Thus, it would have been obvious to one of ordinary skill 
in the art at the time of the invention was made to provide the data structure of Gai with 
the teaching of Preneel by using the hash function to solve the security problems in 
telecommunication and computer networks. 



Conclusion 

6. THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time 
policy as set forth in 37 CFR 1 .136(a). 

A shortened statutory period for reply to this final action is set to expire 
THREE MONTHS from the mailing date of this action. In the event a first reply is filed 
within TWO MONTHS of the mailing date of this final action and the advisory action is 
not mailed until after the end of the THREE-MONTH shortened statutory period, then 
the shortened statutory period will expire on the date the advisory action is mailed, and 
any extension fee pursuant to 37 CFR 1 .136(a) will be calculated from the mailing date 
of the advisory action. In no event, however, will the statutory period for reply expire 
later than SIX MONTHS from the mailing date of this final action. 
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Contact Information 

7. Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Kim T. Nguyen whose telephone number is (571)270- 
1757. The examiner can normally be reached on 7:30AM to 5:00PM East. Alt Friday 
off. 

If attempts to reach the examiner by telephone are unsuccessful, the 
examiner's supervisor, Don Wong can be reached on (571)272-1834. The fax phone 
number for the organization where this application or proceeding is assigned is 571- 
273-8300. 

Information regarding the status of an application may be obtained from 
the Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a 
USPTO Customer Service Representative or access to the automated information 
system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 



Mar. 31,2009 



/K.T. N./ 

Examiner, Art Unit 2163 
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Supervisory Patent Examiner, Art Unit 2163 
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